Overview

overview

10

Static

static

8

adjure.04....1.docm

windows7-x64

4

adjure.04....1.docm

windows10-2004-x64

6

jaazci2.dll

windows7-x64

1

jaazci2.dll

windows10-2004-x64

1

leftTitleRepo.dll

windows7-x64

10

leftTitleRepo.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    189s
  • max time network
    207s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-03-2024 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    leftTitleRepo.dll

  • Size

    55KB

  • MD5

    0d366e2470025a3bd66baa22c6aa78df

  • SHA1

    45e57932f502b4658546d626b76b93a5136c0239

  • SHA256

    2f20a4b32df2bcdd3a013998c40079a021e42203b0f7d44cdc85c8ab8689c5b0

  • SHA512

    fe243d4f28b287c262b72598b4cb76451637dd76486428e84e2ffd99d03af2f8666833addf6dd9e6dda1744b688bb8c6634e74c90815432ce275e47fb69b9c45

  • SSDEEP

    768:Pn8Sg0+bpDPQPqxBtfQqxonY1rCsxPbEBJHVpEyVfkgAv36HAV1Mb7nTaqx:kDtEQBaQoSPIB5evK6qbna8

Score
10/10
icedid3025732026bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3025732026

C2

desazasilkor.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\leftTitleRepo.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4140-0-0x0000000002660000-0x00000000026B4000-memory.dmp

    Filesize

    336KB

    Download